Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: c341d348 by security tracker role at 2018-11-07T08:10:23Z automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,10 +1,24 @@ -CVE-2018-19052 [potential path traversal with specific configs] +CVE-2018-19055 + RESERVED +CVE-2018-19054 + RESERVED +CVE-2018-19053 (PbootCMS 1.2.2 allows remote attackers to execute arbitrary PHP code by ...) + TODO: check +CVE-2018-19051 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword abt_type ...) + TODO: check +CVE-2018-19050 (MetInfo 6.1.3 has XSS via the admin/index.php?a=dogetpassword langset ...) + TODO: check +CVE-2018-19049 + RESERVED +CVE-2017-18351 + RESERVED +CVE-2018-19052 (An issue was discovered in mod_alias_physical_handler in mod_alias.c in ...) - lighttpd <unfixed> NOTE: https://github.com/lighttpd/lighttpd1.4/commit/2105dae0f9d7a964375ce681e53cb165375f84c1 CVE-2018-19048 RESERVED -CVE-2018-19047 - RESERVED +CVE-2018-19047 (** DISPUTED ** mPDF through 7.1.6, if deployed as a web application ...) + TODO: check CVE-2018-19046 RESERVED CVE-2018-19045 @@ -4518,8 +4532,7 @@ CVE-2018-17188 RESERVED CVE-2018-17187 RESERVED -CVE-2018-17186 - RESERVED +CVE-2018-17186 (An administrator with workflow definition entitlements can use DTD to ...) NOT-FOR-US: Apache Syncope CVE-2018-17185 RESERVED @@ -10690,8 +10703,7 @@ CVE-2018-14681 (An issue was discovered in kwajd_read_headers in mspack/kwajd.c - libmspack 0.7-1 (bug #904799) NOTE: https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8 NOTE: http://www.openwall.com/lists/oss-security/2018/07/26/1 -CVE-2018-14667 [Expression Language injection via UserResource allows for unauthenticated remote code execution] - RESERVED +CVE-2018-14667 (The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression ...) NOT-FOR-US: RichFaces CVE-2018-14666 RESERVED @@ -16565,16 +16577,16 @@ CVE-2018-12417 RESERVED CVE-2018-12416 RESERVED -CVE-2018-12415 - RESERVED -CVE-2018-12414 - RESERVED -CVE-2018-12413 - RESERVED -CVE-2018-12412 - RESERVED -CVE-2018-12411 - RESERVED +CVE-2018-12415 (The Central Administration server (emsca) component of TIBCO Software ...) + TODO: check +CVE-2018-12414 (The Rendezvous Routing Daemon (rvrd), Rendezvous Secure Routing Daemon ...) + TODO: check +CVE-2018-12413 (The Schema repository server (tibschemad) component of TIBCO Software ...) + TODO: check +CVE-2018-12412 (The realm server (tibrealmserver) component of TIBCO Software Inc. ...) + TODO: check +CVE-2018-12411 (The administrative daemon (tibdgadmind) of TIBCO Software Inc.'s TIBCO ...) + TODO: check CVE-2018-12410 (The web server component of TIBCO Software Inc's Spotfire Statistics ...) NOT-FOR-US: TIBCO CVE-2018-12409 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c341d348f8f63a11875da5671ab604afdd6f018e -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/c341d348f8f63a11875da5671ab604afdd6f018e You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits